The Schellman Blog

Among the many changes in the new PCI DSS v4.0 are those regarding requirement 11.4.4, which refers to the remediation of "exploitable vulnerabilities" and "security weaknesses”—though history has more clearly established what is meant by the former, there may be some confusion concerning the latter as organizations continue to make the transition to the new version.

Some might say a good decision is based on knowledge and not on numbers.

Each year, we as a country recognize our nation’s patriots on Veteran’s Day. To demonstrate our support, the veterans at Schellman have recently organized an Employee Resource Group (ERG) known as BRAVO. BRAVO stands for Bringing Resources and Awareness to Veteran Opportunities, and our purpose is “to promote the inclusiveness of veterans into the company workforce, provide opportunities for existing and transitioning veterans, and educate other team members on veteran issues and opportunities for outreach.” As a group, BRAVO remains ready to serve both its veterans already on staff as well as those transitioning from service in each of the United States Armed Forces.

Well over a year ago, the PCI Standards Council announced, in addition to other requirements, that a PCI charter would now be required for service providers after January 31, 2018. Few service providers have implemented this yet, but all will soon need one to maintain or achieve PCI compliance.

It’s ten p.m. on a weekend night. You’re relaxing at home when your phone rings. It’s your chief information security officer. Your company has experienced a security incident and panic starts to set in.

HITRUST, or the Health Insurance Trust Alliance, is a security organization and the creator of the Common Security Framework (CSF), "a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health, and financial information." Also, HITRUST developed a standard security report that addresses risk and compliance issues and helps compare security issues for an organization with others across the industry.

The media has been filled with stories of high profile credit card breaches, including those from Target, Neiman Marcus, P.F. Chang’s and most recently Home Depot. Details on the Home Depot breach are still emerging, but the details around the Target and Neiman Marcus breaches are well known and causing the public to ask if it will happen again?